From 7ad08649a223a4cd61e67d8334a147f55c79399d Mon Sep 17 00:00:00 2001
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Date: Mon, 25 Mar 2019 23:46:59 +0000
Subject: [PATCH] Fix compilation with NO_GSSAPI.

This is a fairly shallow patch, which removes the UI and interactions
with external libraries. Some other machinery (which is dead code in
this configuration) is left in place.

Adapted by me from a patch by Jeroen Roovers.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 7ad08649a22

 config.c        |  4 ++++
 settings.c      | 12 ++++++++++--
 ssh.c           | 16 +++++++++++++++-
 ssh2transport.c |  3 +--
 ssh2userauth.c  |  8 ++++++--
 sshserver.c     | 13 ++++++++++++-
 6 files changed, 48 insertions(+), 8 deletions(-)

diff --git a/config.c b/config.c
index 9c299feecc21..6528a9696584 100644
--- a/config.c
+++ b/config.c
@@ -2442,10 +2442,12 @@ void setup_config_box(struct controlbox *b, bool midsession,
 			      HELPCTX(ssh_kexlist),
 			      kexlist_handler, P(NULL));
             c->listbox.height = KEX_MAX;
+#ifndef NO_GSSAPI
 	    ctrl_checkbox(s, "Attempt GSSAPI key exchange",
 			  'k', HELPCTX(ssh_gssapi),
 			  conf_checkbox_handler,
 			  I(CONF_try_gssapi_kex));
+#endif
 
 	    s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
 			    "Options controlling key re-exchange");
@@ -2455,11 +2457,13 @@ void setup_config_box(struct controlbox *b, bool midsession,
 			 conf_editbox_handler,
 			 I(CONF_ssh_rekey_time),
 			 I(-1));
+#ifndef NO_GSSAPI
             ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20,
                          HELPCTX(ssh_kex_repeat),
                          conf_editbox_handler,
                          I(CONF_gssapirekey),
                          I(-1));
+#endif
 	    ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
 			 HELPCTX(ssh_kex_repeat),
 			 conf_editbox_handler,
diff --git a/settings.c b/settings.c
index 8d56302677d9..54f5ab7b2919 100644
--- a/settings.c
+++ b/settings.c
@@ -592,21 +592,25 @@ void save_open_settings(settings_w *sesskey, Conf *conf)
     write_setting_b(sesskey, "Compression", conf_get_bool(conf, CONF_compression));
     write_setting_b(sesskey, "TryAgent", conf_get_bool(conf, CONF_tryagent));
     write_setting_b(sesskey, "AgentFwd", conf_get_bool(conf, CONF_agentfwd));
+#ifndef NO_GSSAPI
     write_setting_b(sesskey, "GssapiFwd", conf_get_bool(conf, CONF_gssapifwd));
+#endif
     write_setting_b(sesskey, "ChangeUsername", conf_get_bool(conf, CONF_change_username));
     wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
     wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
     wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
     write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
+#ifndef NO_GSSAPI
     write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
+#endif
     write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
     write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth));
     write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner));
     write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth));
     write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth));
+#ifndef NO_GSSAPI
     write_setting_b(sesskey, "AuthGSSAPI", conf_get_bool(conf, CONF_try_gssapi_auth));
     write_setting_b(sesskey, "AuthGSSAPIKEX", conf_get_bool(conf, CONF_try_gssapi_kex));
-#ifndef NO_GSSAPI
     wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
     write_setting_filename(sesskey, "GSSCustom", conf_get_filename(conf, CONF_ssh_gss_custom));
 #endif
@@ -937,7 +941,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
     gppb(sesskey, "TryAgent", true, conf, CONF_tryagent);
     gppb(sesskey, "AgentFwd", false, conf, CONF_agentfwd);
     gppb(sesskey, "ChangeUsername", false, conf, CONF_change_username);
+#ifndef NO_GSSAPI
     gppb(sesskey, "GssapiFwd", false, conf, CONF_gssapifwd);
+#endif
     gprefs(sesskey, "Cipher", "\0",
 	   ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
     {
@@ -990,7 +996,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
     gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
            hknames, HK_MAX, conf, CONF_ssh_hklist);
     gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
+#ifndef NO_GSSAPI
     gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey);
+#endif
     gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
     {
 	/* SSH-2 only by default */
@@ -1007,9 +1015,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
     gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner);
     gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth);
     gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth);
+#ifndef NO_GSSAPI
     gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth);
     gppb(sesskey, "AuthGSSAPIKEX", true, conf, CONF_try_gssapi_kex);
-#ifndef NO_GSSAPI
     gprefs(sesskey, "GSSLibs", "\0",
 	   gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
     gppfile(sesskey, "GSSCustom", conf, CONF_ssh_gss_custom);
diff --git a/ssh.c b/ssh.c
index e35ebc64e2b5..e8ad61b8085d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -50,7 +50,9 @@ struct Ssh {
     ssh_sharing_state *connshare;
     bool attempting_connshare;
 
+#ifndef NO_GSSAPI
     struct ssh_connection_shared_gss_state gss_state;
+#endif
 
     char *savedhost;
     int savedport;
@@ -252,10 +254,18 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
                     conf_get_bool(ssh->conf, CONF_tryagent), username,
                     conf_get_bool(ssh->conf, CONF_change_username),
                     conf_get_bool(ssh->conf, CONF_try_ki_auth),
+#ifndef NO_GSSAPI
                     conf_get_bool(ssh->conf, CONF_try_gssapi_auth),
                     conf_get_bool(ssh->conf, CONF_try_gssapi_kex),
                     conf_get_bool(ssh->conf, CONF_gssapifwd),
-                    &ssh->gss_state);
+                    &ssh->gss_state
+#else
+                    false,
+                    false,
+                    false,
+                    NULL
+#endif
+                    );
                 ssh_connect_ppl(ssh, userauth_layer);
                 transport_child_layer = userauth_layer;
 
@@ -267,7 +277,11 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
                 ssh->fullhostname,
                 ssh_verstring_get_local(old_bpp),
                 ssh_verstring_get_remote(old_bpp),
+#ifndef NO_GSSAPI
                 &ssh->gss_state,
+#else
+                NULL,
+#endif
                 &ssh->stats, transport_child_layer, false);
             ssh_connect_ppl(ssh, ssh->base_layer);
 
diff --git a/ssh2transport.c b/ssh2transport.c
index 8640d89d4be4..5e8955a0275f 100644
--- a/ssh2transport.c
+++ b/ssh2transport.c
@@ -1781,6 +1781,7 @@ static void ssh2_transport_gss_update(struct ssh2_transport_state *s,
     if (mins > 0 && s->gss_ctxt_lifetime <= mins * 60)
         s->gss_status |= GSS_CTXT_EXPIRES;
 }
+#endif /* NO_GSSAPI */
 
 ptrlen ssh2_transport_get_session_id(PacketProtocolLayer *ppl)
 {
@@ -1805,8 +1806,6 @@ void ssh2_transport_notify_auth_done(PacketProtocolLayer *ppl)
     queue_idempotent_callback(&s->ppl.ic_process_queue);
 }
 
-#endif /* NO_GSSAPI */
-
 static bool ssh2_transport_get_specials(
     PacketProtocolLayer *ppl, add_special_fn_t add_special, void *ctx)
 {
diff --git a/ssh2userauth.c b/ssh2userauth.c
index fc4139230557..7f5a129295ab 100644
--- a/ssh2userauth.c
+++ b/ssh2userauth.c
@@ -613,8 +613,10 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                  * Scan it for method identifiers we know about.
                  */
                 bool srv_pubkey = false, srv_passwd = false;
-                bool srv_keyb_inter = false, srv_gssapi = false;
-                bool srv_gssapi_keyex_auth = false;
+                bool srv_keyb_inter = false;
+#ifndef NO_GSSAPI
+                bool srv_gssapi = false, srv_gssapi_keyex_auth = false;
+#endif
 
                 for (ptrlen method; get_commasep_word(&methods, &method) ;) {
                     if (ptrlen_eq_string(method, "publickey"))
@@ -623,10 +625,12 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                         srv_passwd = true;
                     else if (ptrlen_eq_string(method, "keyboard-interactive"))
                         srv_keyb_inter = true;
+#ifndef NO_GSSAPI
                     else if (ptrlen_eq_string(method, "gssapi-with-mic"))
                         srv_gssapi = true;
                     else if (ptrlen_eq_string(method, "gssapi-keyex"))
                         srv_gssapi_keyex_auth = true;
+#endif
                 }
 
                 /*
diff --git a/sshserver.c b/sshserver.c
index 5f6e7ddeeaec..5c34bb356757 100644
--- a/sshserver.c
+++ b/sshserver.c
@@ -50,7 +50,9 @@ struct server {
     PacketProtocolLayer *base_layer;
     ConnectionLayer *cl;
 
+#ifndef NO_GSSAPI
     struct ssh_connection_shared_gss_state gss_state;
+#endif
 };
 
 static void ssh_server_free_callback(void *vsrv);
@@ -245,9 +247,11 @@ Plug *ssh_server_plug(
     bufchain_init(&srv->out_raw);
     bufchain_init(&srv->dummy_user_input);
 
+#ifndef NO_GSSAPI
     /* FIXME: replace with sensible */
     srv->gss_state.libs = snew(struct ssh_gss_liblist);
     srv->gss_state.libs->nlibraries = 0;
+#endif
 
     return &srv->plug;
 }
@@ -297,7 +301,9 @@ static void ssh_server_free_callback(void *vsrv)
     conf_free(srv->conf);
     log_free(srv->logctx);
 
+#ifndef NO_GSSAPI
     sfree(srv->gss_state.libs);        /* FIXME: replace with sensible */
+#endif
 
     sfree(srv);
 
@@ -442,7 +448,12 @@ static void server_got_ssh_version(struct ssh_version_receiver *rcv,
             srv->conf, NULL, 0, NULL,
             ssh_verstring_get_remote(old_bpp),
             ssh_verstring_get_local(old_bpp),
-            &srv->gss_state, &srv->stats, transport_child_layer, true);
+#ifndef NO_GSSAPI
+            &srv->gss_state,
+#else
+            NULL,
+#endif
+            &srv->stats, transport_child_layer, true);
         ssh2_transport_provide_hostkeys(
             srv->base_layer, srv->hostkeys, srv->nhostkeys);
         if (userauth_layer)
-- 
2.20.1

